How is this different than “security”? The difference is in motivation, purpose, and risks. In this post I hope to spell out the argument for creating a new category. I also provide a definition. First semantics. While much reviled by the security community outside the US government the use of the term “cyber” has recently gained both relevance and acceptance thanks to high level attention given to it by first the Bush administration and now the Obama presidency. The Bush era saw the inauguration of the Comprehensive Cyber Security Initiative which spelled out, albeit cryptically, twelve components of a government program that could entail over $7 billion in new spending annually.

Mellissa Hathaway firmly established the use of “cyber” in both her address to RSA 2009 and her published Cyberspace Policy Review document.

So “cyber” is now used to refer to those parts of IT infrastructure and the threat environment that deal with countering attacks and “cyberspace” refers to the global network of computers, networks, and people who use them.

Cyber defense defined:

"Cyber defense is that category of products, methodologies and strategies used to counter targeted attacks."

How is this different from what has gone before? The primary difference is the motivation, purpose and methodologies of the attackers. Their concerted effort to infiltrate, steal, sabotage, and attack is a much more serious scenario than the random attacks that have been the norm since the birth of the security industry and the first firewalls and anti-virus products. The attackers now include cyber criminals looking for credit card databases, account access, and executing elaborate pump and dump schemes using compromised stock trading accounts. They include insiders stealing information for sale to those cyber criminals or seeking their own path to riches or revenge against their employers. And yes, cyber defense is the category that addresses the threat posed by nation states, terrorists, and fanatics as they engage in cyber espionage and targeted denial of service attacks.

With the level of spending projected by the United States , the UK, India, Pakistan, Israel, and most modern nations, there will be new players entering the IT security sector. Military contractors such as Raytheon, Booz Allen, and Lockheed Martin have already announced plans for cyber initiatives in order to win a piece of that spending. In the meantime existing vendors of defense security measures are seeing a banner year thanks to that spending. Over time there will develop a class of tools and systems that will address an expressed need for offensive measures as well.IT-Harvest will cover the cyber defense category by writing about these cyber defense tools. They include many existing categories like:Perimeter security. Firewalls, IPS, Web Application Firewalls, and URL content filtering.Identity and access management as it pertains to preventing unauthorized access to critical information and assets.Secure Network Fabric. Using network security capabilities to prevent internal attacks.

Managed Security Service Providers.DDoS defense, recently high-lighted by the Defense Department’s announcement of a Request For Information ion DDoS defense capabilities.Security Event and Information Management, SEIM, as it pertains to identifying and tracking down intruders.Threatchaos will continue to cover the global incidents that pertain to cyber defense: Iranian protesters’ use of Twitter to promulgate DDoS, Israeli and Chinese use of paid bloggers and commentators for psyops, Chinese cyber espionage, Russian crowd sourced attacks against its neighbors, and the cyber defense buildup occurring within the military operations of most nations.We are also announcing the birth of Cyber Defense Weekly, a newsletter created to give participants in this new category a comprehensive summary of the week’s news, product announcements, and escalations in cyber threats. Simply provide your email address here to become a subscriber.

Comments and input are welcome as always on this critical new category.